Re: Unable to recover password for user Tobias Platen
Hello, On Sun, Feb 11, 2024 at 08:22:18AM +0100, Tobias Alexandra Platen wrote: > > I tried to recover my account using > https://savannah.nongnu.org/account/lostpw.php > and I did not recieve any email within 12 hours, > on any of my accounts. Last time I used savannah > is more than one year ago, I do not remember > my password nor the email address I used. The email was gnu@, our logs say, Feb 11 ... status=bounced (host ...said: 550 5.1.1 : Recipient address rejected: User unknown in relay recipient table (in reply to RCPT TO command)) Does that help? signature.asc Description: PGP signature
Re: Uploading to dl.sv.gnu.org
On Tue, Jan 30, 2024 at 09:02:57PM +0100, Dora Scilipoti wrote: > > until not long ago, members of the audio-video group were able to upload > files to that server as follows: > > $ rsync -tvz --progress FILE usern...@dl.sv.gnu.org:/srv/audio-video/video/ > > The options -tvz don't seem to work anymore. What works for me now is > -tvr. > > Is anyone here aware of what has caused this? Before 2023-11, the server accepted virtually any rsync options; that allowed users to get sensitive data from the server, so we introduced a limit on the set of permitted options. > What should we do in order to keep informed about changes like this that > affect our capacity to use the server? The server informs the user about the available options whenever it sees any command that doesn't fit them. signature.asc Description: PGP signature
Re: Spam message when using CVS for webpages
On Wed, Oct 18, 2023 at 02:04:11PM -0400, Ian Kelling wrote: > > I definitely admire the ingenuity to offer source code in more > places. However, I'm pretty confident Savannah webpages are a sufficient > place to satisfy the AGPL requirement of offering source, and adding > output like this to command line operations where the only expected > output is information related to the operation is undesirable for > various reasons and will very likely cause breakage for scripts and > tools which make calls to Savannah. I'm aware that it interfered with Karl's scripts; I'm also aware that it works fine with GNUN scripts, the scripts updating www.gnu.org pages and Emacs-to-CVS interface, so I wouldn't say it's really very likely to break tools. The modified script has been running for a month on vcs1 and for over four months on download0, it can wait for a day or two for rms' clarifications. we seldom have such opportunities to gather users' feedback, they occur much rarelier than, say, the fundraiser. signature.asc Description: PGP signature
Re: Spam message when using CVS for webpages
On Thu, Oct 19, 2023 at 11:04:42AM +, Ineiev wrote: > I can think of adding a command like 'offer-source' to sv_membersh, > with a message on the page where the users register their SSH keys. > that would reasonably guarantee the awareness for the new users, > but the existing users rarely change their SSH keys. clearing all > SSH keys in Savannah would make Savannah admins unable to use them > for recovering lost accounts. of course, we could save a reserved > copy, but the need for the users to re-fill their keys would alone > be quite annoying. Historically, AGPLv1 (created by Affero and approved by the FSF [0]) only required ([1], Section 2d) that existing opportunities to request transmission of the source code be preserved. AGPLv3 Section 13 [2] removed that condition and said that any modified version must offer the corresponding source code. So I wonder what was AGPL author's intention: * Is this kind of indirection acceptable at all? I mean, technically, it wouldn't be the script that prominently offers all its users the source code, but the directions on how to get the source code are placed at the web page where keys needed to use that script are registered. * Is it acceptable to only notify new users and those who update their registered keys? if yes, we could avoid forcing all Savannah users re-register their keys just to make sure they saw the notice about how to get the source code. [0] https://www.gnu.org/licenses/license-list.html#AGPLv1.0 [1] https://directory.fsf.org/wiki/License:AGPL-1.0-only [2] https://www.gnu.org/l/agpl-3.0.txt signature.asc Description: PGP signature
Re: Spam message when using CVS for webpages
On Thu, Oct 19, 2023 at 11:21:43AM +0100, Gavin Smith wrote: > > Also, if sv_membersh is copyrighted to the FSF a simple solution would > be relicensing it to avoid this requirement. No, it isn't.
Re: Spam message when using CVS for webpages
On Thu, Oct 19, 2023 at 11:16:06AM +0100, Gavin Smith wrote: > > I proposed that the program could offer the source via some kind of > messaging service on the Savannah web portal that users would be > guaranteed to be aware of and have access to, in order to satisfy the > AGPL requirements. There could be an entry in the side menu like > "Automatic notices" along with the number of unread notices. > > sv_membersh together with what helper scripts or programs are > providing the notifications would be considered a single unit that is > providing its notifications in accordance with the AGPL. First, Savane has no messaging service, it relies on email; more important, I'm not sure how to guarantee the awareness. sv_membersh could send the offer via email, but then it would have to depend on that additional service (if I'm not mistaken, hosts like download0 currently don't use it); then, having emails on every VCS network transaction wouldn't be better than what we have now. I can think of adding a command like 'offer-source' to sv_membersh, with a message on the page where the users register their SSH keys. that would reasonably guarantee the awareness for the new users, but the existing users rarely change their SSH keys. clearing all SSH keys in Savannah would make Savannah admins unable to use them for recovering lost accounts. of course, we could save a reserved copy, but the need for the users to re-fill their keys would alone be quite annoying. signature.asc Description: PGP signature
Re: Spam message when using CVS for webpages
On Wed, Oct 18, 2023 at 01:15:30PM -0600, Bob Proulx wrote: > Ineiev wrote: > > Savane is the free software hosting system savannah.gnu.org runs. > > > > sv_membersh is the restricted shell used as the login shell for Savane users > > when they connect via SSH. > > > > Savane released under the AGPL; offering the corresponding source code > > is a requirement of the AGPL. > > I spent some time looking at this issue and my assessment is that > sv_membersh is only a peripheral part of Savannah at best. It isn't > needed for Savannah to operate. It's a security gate that we use to > protect the host from potentially malicious activity or potentially > accidental harm. I can't see why this matters. what matters is the fact that we use it. since we use it, we must comply with its license. > It does not need to be savane software and might be > any suitable component program. Only part of the message depends on this, the one saying it's part of Savane. if it were part of Giungla, it would say, "sv_membersh is part of Giungla." > Even though Savannah as a whole is distributed under the AGPL Savannah > makes use of many programs which are licensed under other licenses > such as the other various GPL versions and other permissive licenses. I feel that as expressed, this mixes Savane, the package we maintain in Savannah 'administration' group, and Savannah, the set of services the GNU Project provides. we don't distribute Savannah, and it is based on a few separate programs, each with its own licensing terms. > That the whole of Savannah is available under the AGPL does not make a > requirement that every component used in Savannah be forced into the > AGPL. No, but sv_membersh and the Savane Perl modules it uses were released under the AGPL, and we both jointly can't just reconsider that decision. > For example GNU ls does not emit its license upon every invocation. > That would interfere with its primary function. But ls will emit its > license information when this is asked for with ls --version. GNU ls is distributed under the GPL, and what you are speaking about is covered by the GPLv3 Section 5d, which explains that the legal notices may be accessible via a prominent item in the list of options the interface presents, and moreover, when an interactive interface doesn't display the notices, the licensee isn't required to make it display them. In contrast, sv_membersh is distributed under the AGPL; now, the AGPL does include the same provisions, but also adds Section 13 requiring that our modified version prominently offer all users interacting with it remotely an opportunity to receive the corresponding source of our version; and AGPL Section 13 has nothing like "you needn't make it do so if it doesn't." signature.asc Description: PGP signature
Re: Spam message when using CVS for webpages
On Wed, Oct 18, 2023 at 03:46:55PM +0100, Gavin Smith wrote: > I am trying to update a project's webpages after a new release, but > every time I issue a cvs command the message is printed: > > > sv_membersh is part of Savane. > > In order to download the corresponding source code of Savane, run > > > > rsync -avz --cvs-exclude ga...@cvs.savannah.nongnu.org:/opt/src/savane . > > I don't know what sv_membersh or Savane is or why I should care. Savane is the free software hosting system savannah.gnu.org runs. sv_membersh is the restricted shell used as the login shell for Savane users when they connect via SSH. Savane released under the AGPL; offering the corresponding source code is a requirement of the AGPL. Do you think the message should elaborate on these points? > This message was not printed before and is distracting and confusing. I > have updated GNU webpages using CVS many times over several years and never > had this message before. That was an omission. > Using CVS from the command line is fiddly enough as it is (as I only > use CVS infrequently to update GNU webpages I don't use it enough to be > comfortable with it) without having extra messages to worry about. > This message looks like an advert to me and isn't helpful. If I wanted > to download the source code of Savane I would look for it myself, without > having it shoved in my face. The problem is, we don't deploy the exactly same version for all Savannah hosts at once, we update them one by one, so you hardly would be able to tell which Git commit corresponds to software running on the particular host; this feature makes sure the users can download the right version. > Can this unnecessary and annoying message please be removed? You can disable that message in your Savannah account configuration (the 'Quiet SSH member shell' checkbox). signature.asc Description: PGP signature
Re: failed to download man-db-2.12.0.tar.xz
On Mon, Oct 16, 2023 at 12:34:28PM +0800, wen zhang wrote: > When i tried to download man-db-2.12.0, i was redirected to > 'https://bigsearcher.com/mirrors/nongnu/man-db/ > man-db-2.12.0.tar.xz ' from ' > https://download.savannah.nongnu.org/releases/man-db/man-db-2.12.0.tar.xz', > then failed because man-db-2.12.0.tar.xz has not been synced after 20 days > of release. > I tried to find bigsearcher's contact information but failed, may someone > remove this mirror from savannah's 302 redirection list or contact with > them to find a solution? Thank you for report, I've done both. signature.asc Description: PGP signature
Re: Hosting a tiny library
Hello, Anton; On Tue, Sep 19, 2023 at 07:37:51PM +0300, Anton Shepelev wrote: > > Does a super-tiny project stand a change of acceptance into > Savannah? ... > The project is very small, consisting of a pair of .c and .h > files, with potentially a bunch of additional .c files > implementing different memory-management (grow/shrink) > strategies, but this is only planned for the future. A .[ch] pair may turn out too small; any bunch of files will make the package big enough. In any case, our team will need a complete (if not functional) tarball to evaluate. signature.asc Description: PGP signature
Re: Is PHP available to projects' web pages?
On Sun, Jul 30, 2023 at 10:42:21AM +, Alan Mackenzie wrote: > > Yes, I can see my way to generating the .html files. PHP is used solely > to include boilerplate files (like lists of links) into the main files. Apache SSI commands like must work [0]... > I'm not looking forward to removing all but one of the duplicate > copyright/license statements which will appear in these files because of > this file inclusion. But I know how to do that. ...however, copyright and license notices should be written in the covered files directly; if they aren't, it's too easy to end up with invalid notices [1]. [0] https://savannah.gnu.org/maintenance/HomePage/ [1] https://www.gnu.org/licenses/gpl-howto.html#why-license-notices signature.asc Description: PGP signature
Re: Moving an existing project from SourceForge to Savannah.
Hello, Alan; On Tue, Jul 25, 2023 at 10:55:30AM +, Alan Mackenzie wrote: ... > I would thus like to move the project from SourceForge to Savannah. May > I take it this would be acceptable and welcomed? Yes; it's nice to see software migrating to more user-respecting forges, https://www.gnu.org/software/repo-criteria-evaluation.html > Looking at the Savannah site, there are a couple of things which confuse > me. I couldn't find a definition of what is meant by "group". It seems > to mean the name of a project (in my case, "CC Mode") and/or the Linux > file-system group name under which project files will be stored > ("cc-mode"). The "project" is a type of group; other group types hosted on Savannah include GNU User Groups, www.gnu.org portions and www.gnu.org translation teams. > Also, there is on the page "register" an opportunity to give a *.tar.gz > URL or upload a file to Savannah. What is this tarball? Is it a > tarball of an existing repository, or just of the project's source > files? It's a release of source files; we use it to see if the registered package follows our hosting requirements. > I would also like to preserve the project's mailing list, if possible. > I have a copy of posts going back to 2001 on my own machine, I don't > know if it will be possible to extract a more complete copy from > SourceForge. Do you see any problems, here? Currently, the main > mailing address for this list is bug-cc-m...@gnu.org, and the gnu server > forwards the mail to the SourceForge address. I foresee this address > remaining the main address for the list, relocated back to Savannah. I think you can use your old mailing list or migrate to lists.gnu.org. > What about old releases? How much point is there, trying to preserve > these? SourceForge still has releases going back around 20 years, to > release 5.26. Current (three years old) is 5.35. They do not take up > much space (around 700 kByte each). The older releases must be presumed > lost. You'll be able to upload them to Savannah download area. signature.asc Description: PGP signature
Re: Savannah "Forum Error"
On Wed, Jun 28, 2023 at 02:19:38AM +0200, Dora Scilipoti wrote: > > https://savannah.gnu.org/forum/forum.php?forum_id=0 still leads to the > error page for me (I did cleared the cache). Sorry; the link on www.gnu.org/home.html was fixed.
Re: Savannah "Forum Error"
On Tue, Jun 27, 2023 at 01:29:44AM +0200, Dora Scilipoti wrote: > > on Monday June 25 I submitted a news item in the www group in Savannah. ... > https://savannah.gnu.org/forum/forum.php?forum_id=0. Following that link > leads to an error page with a notice that says, "Error - choose a forum > first." > > Any idea of what is causing it and how it can be solved? Thank you, fixed. It was a relatively recent regression in Savannah web UI.
Re: SVN patch authors and email addresses
On Mon, May 15, 2023 at 11:25:42PM -0700, Michael Eager wrote: > > As a starting point, you could use > > > > https://savannah.gnu.org/u/ > > Thanks. That did get me a couple of names. Still have a few missing. When that page is absent, we are not likely to have any info about that person; for example, when users delete their accounts, their "real" names and emails are erased. Probably you'll have to resort to filling the missing info with something like anonym...@example.net. signature.asc Description: PGP signature
Re: SVN patch authors and email addresses
On Mon, May 15, 2023 at 02:52:43PM -0700, Michael Eager wrote: > I'm investigating converting the DDD repository from Subversion to GIT. > > Part of the process involves creating a file of patch authors with their SVN > user names and the corresponding full name and email address which GIT uses. > > I don't find a listing of on the Savannah website of members or a way to > search by user name. Is there a way to find this information? Or someone > who can update a short list of patch authors for me? As a starting point, you could use https://savannah.gnu.org/u/ signature.asc Description: PGP signature
Re: Help with updating Savannah web page
On Mon, Apr 24, 2023 at 03:49:45PM -0700, Michael Eager wrote: > On 4/24/23 15:12, Karl Berry wrote: > > Hi Michael - some quick answers. Maybe others know better. > > > > Is there documentation how to configure or update the page? > > > > https://savannah.gnu.org/cvs/?group=ddd > > > > In short, do a cvs checkout (as project member) of the "webpages > > repository". The exact invocation will be shown on that page. > > That is the DDD project web page, not the Savannah web page. > I've been updating these web pages. I wonder if you mean group public info, https://savannah.gnu.org/project/admin/editgroupinfo.php?group=ddd > > A bit more info: > > https://savannah.gnu.org/maintenance/HomePage/ > > > > How do I update the Latest News area? > > > > https://savannah.gnu.org/news/?group=ddd > > "Submit" to submit news, then, as manager of the group, > > you can "Manage" (approve) the submitted items. > > There does not appear to be any way to delete news items. Only recent news (two weeks old or so) can be deleted. > > Possibly unrelated: how do I request a @gnu.org email alias? > > > > Email sysad...@gnu.org. Good guess that Savannah volunteers cannot > > modify gnu.org email setup :). The options I'm aware of are, * (Possibly unrelated) create a mailing list, https://savannah.gnu.org/mail/admin/?group=ddd * Request a fencepost account, as a maintainer of a GNU package, https://www.gnu.org/software/README.accounts.html * When you have a fencepost account, you'll be able to add aliases in /com/mailer/aliases signature.asc Description: PGP signature
GNU/Linux distributions in download area [was: Little questions]
On Fri, Apr 07, 2023 at 05:06:17PM +0200, stef...@manjaro.org wrote: > I want know What Is the size offered > for download section. I Need at last 40Gb for store packages archives for a > Linux Os system. We have no resources to host whole OS distros; probably we should mention this somewhere in our documentation. signature.asc Description: PGP signature
Re: DNS issue affecting gnu.org (and subdomains)
On Sun, Mar 26, 2023 at 12:55:56PM -0400, James Cloos wrote: > BP> +1 for the https://hostux.social/@fsfstatus status page. > > try it w/ links or the like. > > useless. > > ecmascript should *never* be required. > > especially for something like a status page. +1. Also, it just replied with "403 Forbidden" when I accessed it via Tor.
Re: Question about the project hosting requirements of Savannah
On Tue, Mar 07, 2023 at 02:52:59PM +1100, Svetlana Tkachenko wrote: > > (In the scenario that program 1 that requires the user to run a non-free > program 2 in order for the user to be able to utilize program 1, program 1 is > considered non-free.) To be precise, it isn't necessarily nonfree, but it depends on nonfree software, which isn't acceptable for Savannah. signature.asc Description: PGP signature
Re: Savannah project website in Git?
On Mon, Mar 06, 2023 at 03:54:09PM +0100, Andreas Rönnquist wrote: > > I am using the services of savannah.nongnu.org, and they are working > nicely for my project - with one minor exception. I would like to have > my project web page source in git to, and not in CVS. Using Git means that next to every user will download the whole history of changes with logs for every file in the tree, which is an overkill for web pages where typical use cases are fixing a typo on a page, uploading a new page or at most making a set of changes on multiple pages. Our Git server already suffers overloading; if Git is used for web pages, the situation will yet deteriorate. > But, since we currently have it in CVS - have anybody made the effort > to handle the CVS repository with git on top of it? It should > definitely be doable. Sure; it would save Savannah Git server from the additional load, though the resources still would be wasted when downloading unneeded data from CVS. signature.asc Description: PGP signature
"Watched partners" in Web UI
Hello, Currently, Savane allows to add "watched partners" from the groups the user is a member of on the "My groups" page, with links to partners' pages (/users/*partner*); and vice versa, that area includes links to people who "watch" you. It's also said that those who "watch" people will receive all their notifications from the trackers of the relevant groups, but this is wrong, and I wouldn't be surprised if it turned out that the notifications have never been passed to the "watchers"; furthermore, I'm not sure if we want that. What do people think? should we implement the notifications, fix the description, drop the feature completely, do something else? signature.asc Description: PGP signature
Re: Invalid confirmation hash
Hello; On Wed, Jan 25, 2023 at 07:10:46PM +0100, Pablo Angulo wrote: > A collaborator can not sing in into savannah. He gets an error about an > invalid confirmation hash (exact words are in spanish). > He has tried two different emails, one from google, the other from our > university. He tried several times to get a new confirmation email... > Do you know if sign in is working properly? For spammers, it does: they register a few accounts every day, our cron job clears them automatically. Savannah admins can activate accounts for those who have problems.
Re: Savanah Username, Password.
On Sun, Nov 27, 2022 at 09:19:59PM +0100, sundaresh venugopal wrote: >My email is this, sundar...@mail.com. But I have not operated my >account with this email for a long time. I do not remember my username >and password. Preferably I would like to have the existing account >deleted and register anew. Your account is cherio; you should be able to reset your password via https://savannah.gnu.org/account/lostpw.php
Re: want to reset password, but email is defunct
On Thu, Jun 02, 2022 at 02:47:05PM -0700, Scott McPeak wrote: > Seems like a sensible precaution. I'm in no rush. Sending a notification > email to the old address seems like a good idea regardless of the reason > for the change to an account email. The old address bounced; I went ahead and updated the email in your account; you should be able to reset your password (may Gmail be benevolent). signature.asc Description: PGP signature
Re: want to reset password, but email is defunct
On Wed, Jun 01, 2022 at 11:39:52PM -0700, Scott McPeak wrote: > > If possible, I'd like to regain access to the account "smcpeak". My > password manager says I last accessed it on 2012-06-06. I still have what > should be the password, but it does not work at > https://savannah.nongnu.org/account/login.php . I'm pretty sure the email > for that account is "smcp...@coverity.com", but I no longer have access to > that, so cannot reset normally. > > Is there a procedure for recovering access in this situation? The email for that account is correct; you registered neither SSH keys nor GPG keys, so I have no idea how your identity could be confirmed; on the other hand, the account isn't member of any group, and its history amounts to a dozen comments in trackers (the latest was in 2009), so we could grant you access without any strong proof. What do other Savannah hackers think? signature.asc Description: PGP signature
Re: Question on new project
On Wed, May 18, 2022 at 04:51:02PM +0900, Nikolaos Chatzikonstantinou wrote: > > I would like to host a new project. It's currently sitting on my local > drive in an unfinished state, but I would like to share it before its first > release, to get input from others and so on. Registration implies some work from Savannah admins, and we don't approve new packages until they pass our hosting requirements like having proper legal notices, so at least that part has to be "finished". If you just want to show it somebody, you could use a service that has no manual evaluation stage in its registration process, like repo.or.cz in case you use Git. signature.asc Description: PGP signature
Re: Authenticating git.savannah.gnu.org
On Fri, Apr 29, 2022 at 01:54:13AM -0700, Yuan Fu wrote: > > debug1: Authentications that can continue: publickey,password > debug1: Offering public key: yuan@Brown ED25519 > SHA256:xDlZxIRWzZBaA+Xg/J/Y4O96EtMj7ezWrbtLIN0Bgm4 agent > debug3: send packet: type 50 > debug2: we sent a publickey packet, wait for reply > debug3: receive packet: type 51 > > Seems my key is rejected? Yes. The fingerprint of the key registered in your account is SHA256:jCGSDL+P+BqJ+v0NdXDABsY1I3Y7cjMXhb/5qG+haTc yuan@Brown (ED25519) Probably ssh offers a wrong key. signature.asc Description: PGP signature
Re: Authenticating git.savannah.gnu.org
On Sat, Apr 23, 2022 at 11:45:07PM -0700, Yuan Fu wrote: > > ssh -v -i ~/.ssh/id_rsa caso...@git.savannah.gnu.org > > Thanks, it seems my key didn’t work? Below is the output of ssh. > > debug1: Will attempt key: /Users/yuan/.ssh/id_rsa RSA > SHA256:+1b/NEVSa5oNjZXtT3O1N8KF2wHYOUH62w3AK/V8r8o explicit > debug1: Will attempt key: /Users/yuan/.ssh/id_rsa RSA > SHA256:+1b/NEVSa5oNjZXtT3O1N8KF2wHYOUH62w3AK/V8r8o explicit > debug1: SSH2_MSG_EXT_INFO received > debug1: kex_input_ext_info: > server-sig-algs= > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,password > debug1: Next authentication method: publickey > debug1: Offering public key: /Users/yuan/.ssh/id_rsa RSA > SHA256:+1b/NEVSa5oNjZXtT3O1N8KF2wHYOUH62w3AK/V8r8o explicit > debug1: Authentications that can continue: publickey,password > debug1: Offering public key: /Users/yuan/.ssh/id_rsa RSA > SHA256:+1b/NEVSa5oNjZXtT3O1N8KF2wHYOUH62w3AK/V8r8o explicit > debug1: Authentications that can continue: publickey,password > debug1: Next authentication method: password > > Then I uploaded another key, waited an hour and tried with the new key, still > no luck. Make sure that the offered key is (one of the) registered; no need to wait, the changes in Savannah account are in effect immediately; add two more -v to ssh invocation, ssh -vvv caso...@git.savannah.gnu.org signature.asc Description: PGP signature
Re: Changed access rights in the bug-tracker "savannah.gnu.org/bugs/?group=groff"
On Sun, Mar 27, 2022 at 07:39:15PM +, Bjarni Ingi Gislason wrote: > https://savannah.gnu.org/bugs/?group=groff > > When clicking on a bug number in column "Item ID" a message appears: > > "You are not allowed to post comments on this tracker with your current > authentication level". Thank you, fixed. signature.asc Description: PGP signature
multiple changes in Savannah web code
Hello, I've just pushed and installed a lot of changes in the frontend part of Savane; the commits mostly re-implement sanitizing user-supplied values in a stricter way. I think this should fix the XSS issues reported almost a year ago. Please report bugs. Thank you! signature.asc Description: PGP signature
Re: Daily News Aggregation
On Mon, Oct 11, 2021 at 12:07:37PM -0400, Stephen H. Dawson, DSL via Discussion of savannah-announce and any user-oriented topic wrote: >The RSS feed from planet.gnu.org is missing project information from >GNUrc. >[1]https://lists.gnu.org/archive/html/info-gnu/2021-10/index.html >This listing is incomplete compared to planet.gnu.org. >Do you now understand the holes in play? I'm afraid, I don't. The GNU Project has no 'GNUrc' package, and I'm not sure what "this listing" is, to say nothing of why it is incomplete. signature.asc Description: PGP signature
Re: Daily News Aggregation
On Mon, Oct 11, 2021 at 09:59:43AM -0400, Stephen H. Dawson, DSL via Discussion of savannah-announce and any user-oriented topic wrote: ... >There is nothing I see that has a list of GNU project news beyond >planet.gnu.org for the specifics of a project. I'm not sure I understand this... what's wrong with info-gnu@? >Since the identified RSS feed does not have all of the material at >planet.gnu.org as listed there,.. But I think it does; it even includes entries that really have no relation to the GNU Project. signature.asc Description: PGP signature
Re: Daily News Aggregation
On Mon, Oct 11, 2021 at 07:30:48AM -0400, Stephen H. Dawson, DSL via Discussion of savannah-announce and any user-oriented topic wrote: >Yes, the URL is what I remember. What I also remember is an email that >came daily to tell of the entries posted there. >I am not clear on the communication reasoning in play. Posting all of >the good news about GNU to respective news feeds is great. Aggregating >them to this URL is even better. However, the option to have a >collection sent by email makes sense to me. >[1]https://planet.gnu.org/rss20.xml >I just checked the RSS feed. It does not receive the entries from the >9th posted to [2]https://planet.gnu.org/. Something is off on the RSS >side of the feed. Also, the absence of the email option means GNU is >not communicating to the public as intended. The GNU Project has the info-gnu mailing list for announcements, https://lists.gnu.org/mailman/listinfo/info-gnu There are also other channels for news related to GNU, https://www.gnu.org/keepingup.html signature.asc Description: PGP signature
Re: problem connecting to cvs.savannah
On Tue, Aug 24, 2021 at 11:55:13AM +, Wensheng Xie wrote: > I updated my PC. Now I had a problem in accessing the repository: ... > If I ping cvs.savannah.gnu.org, the connection is there. > > What do I need to check? What is the output of this command? ssh -v w...@cvs.savannah.gnu.org signature.asc Description: PGP signature
Re: Unlicensed game source code hosting
On Wed, Jul 07, 2021 at 03:32:46PM +0200, dj Stolen wrote: > > I am a BoardGameGeek and as I was browsing https://boardgamegeek.com I > found some implementation of games which are only there on the site > (nowhere else). ... If I understand you correctly, you were considering storing programs developed by other people. The purpose of Savannah is different: we exist to help people develop software and technical documentation, we don't provide storage and back-up services. signature.asc Description: PGP signature
Re: Can no longer login to savannah.
On Mon, Mar 22, 2021 at 10:22:01AM +0100, Carlo Wood wrote: > > This worked, because now I can do ssh ca...@cvs.savannah.gnu.org > and it doesn't ask for my password anymore (I get an error that > I am not allowed to execute that command; obviously because it > is a restricted shell for cvs only). > > However, when I do: > > which> cvs diff > > nothing happens. That command just hangs. > Any idea how I can investigate that? I would check if these things work: * "member" cvs checkout * anonymous cvs checkout and cvs diff with it signature.asc Description: PGP signature
Re: Group keyrings
Hello; On Tue, Feb 09, 2021 at 04:03:25PM +, Ineiev wrote: ... > Probably, it would be better if each group had a public area > where its admins (rather than every member) could post only keys > used for releases, like GnuPG does [1]. I've pushed a patch for it > to the group-keyring branch [2]. I've just installed the changes on Savannah, including updated documentation, https://savannah.gnu.org/maintenance/UsingGpg/ https://savannah.gnu.org/maintenance/DownloadArea/ Please check if anything needs fixing; after that, we probably should make an announcement in the Savannah News area. Thank you! signature.asc Description: PGP signature
Group keyrings
Hello, [re-posted from savannah-hackers-public] Currently, Savannah serves all GPG keys registered in accounts of group's members as the keyring of the respective group, like [0]. This keyring doesn't work very well as a source of signing keys of group's releases, because the group may have many more members than persons who actually sign releases: any member can carelessly register new keys without thinking about the impact on the security of released files, and team's admins have to but monitor the aggregated keyring---I don't believe anyone actually does (also, people may have one key for getting encrypted personal emails and another key for signing tarballs). In particular, the set of keys registered by members of 'emacs' has quite a few very old keys, and one of them is dsa768; as far as I understand, such keys aren't considered adequate these days. if the bad ones crack such a key and replace files on a mirror (I think it would be easier to setup a mirror and register it on Savannah than to crack the key), they'll be able to get round the signature verification for those who are unfortunate enough to pick that mirror. Probably, it would be better if each group had a public area where its admins (rather than every member) could post only keys used for releases, like GnuPG does [1]. I've pushed a patch for it to the group-keyring branch [2]. What do people think? [0] https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=emacs [1] https://www.gnupg.org/signature_key.html [2] https://git.savannah.gnu.org/cgit/administration/savane.git/log/?h=group-keyring signature.asc Description: PGP signature
Re: Account Name
On Fri, Oct 09, 2020 at 12:51:36AM +0200, Andrea G. Monaco wrote: > I can't remember my user name on Savannah. I used this email address. No account currently uses this email address; are you sure you used it? signature.asc Description: PGP signature
Re: IdleAccounts
On Thu, May 28, 2020 at 02:23:34AM +0200, Thomas De Contes wrote: > > Le 28 mai 2020 à 01:31, Jan Owoc a écrit : > > > On Wed, May 27, 2020, 16:36 Thomas De Contes, wrote: > > > >> I'm a member of this project : > >> https://savannah.nongnu.org/project/memberlist.php?group=rapid > >> but i don't have a lot of time to code > >> > >> > >> https://savannah.gnu.org/maintenance/IdleAccounts/ > >> > >> Is it considered as "actually join any group" ? Yes, exactly. > > If you made at least one legitimate comment or commit, > > i did only > svn co svn+ssh://tdecon...@svn.savannah.nongnu.org/rapid/branches/gtkada-2.24 > but no > svn ci > > i find i'm not ready to make a commit now, and i don't want to make a straw > one > > Is it possible to ask savannah admins to have 2 or 4 more weeks to do that ? > i registered on May 15, so i'm at the end of the 2 1st weeks ... If your account is a member of any group, it isn't subject to automatically deleting (in fact, we don't check VCS commits at all). signature.asc Description: PGP signature
Re: [Savannah-hackers-public] account recovery guidelines
Hello, I've just committed a few first revisions of Savannah account recovery guidelines, https://savannah.gnu.org/maintenance/LostAccounts/ Comments and suggestions are welcome. Thank you! signature.asc Description: PGP signature
Re: Eligibility of CC-BY-SA for documentation within a software project
On Fri, Feb 28, 2020 at 04:39:35PM -0700, Karl Berry wrote: > > the entire repository with all previous history of commits (some of > which turned out to be inconsistent with the policies) to Savannah after > adjusting the current commits to the requirements? > > I don't know. I don't recall a precedent either way. TTBOMK the current practice is to keep the latest revisions compliant; it would be too much to require rewriting the history. signature.asc Description: PGP signature
Re: Eligibility of CC-BY-SA for documentation within a software project
On Fri, Feb 28, 2020 at 05:55:00AM +, Ineiev wrote: > > ... > > As far as I can recall, we are not allowed to accept gpl for manuals, > > although that seems draconian ... The GFDL is the license for GNU manuals; if some documentation is FDL-incompatible, GNU packages won't be able to use it, and it's expected that the GNU project should be able to copy from packages hosted on Savannah. signature.asc Description: PGP signature
Re: Eligibility of CC-BY-SA for documentation within a software project
On Thu, Feb 27, 2020 at 04:00:40PM -0700, Karl Berry wrote: > cc-by-sa became gplv3 compatible. > > Cool! I forgot that. > > Still not gfdl compatible. > > https://creativecommons.org/2015/10/08/cc-by-sa-4-0-now-one-way-compatible-with-gplv3/ > > In that light, I hope it would be allowed. > > I fear it's still an exception that rms would have to approve :(. > As far as I can recall, we are not allowed to accept gpl for manuals, > although that seems draconian and I can't find any explicit statement > about it right now :(. https://savannah.gnu.org/register/requirements.php: "For manuals, we recommend GNU FDL version X-or-later, where X is the latest released version of the FDL; other licensing compatible with that is acceptable". signature.asc Description: PGP signature
Re: A second Git repo for Gash
On Fri, Feb 07, 2020 at 12:58:27PM -0500, Timothy Sample wrote: > > Thanks! Here’s some descriptions. > > Gash: > > POSIX-compatible shell written in Guile Scheme > > Gash-Utils: > >Core POSIX utilities written in Guile Scheme I've just updated these strings in Savannah. signature.asc Description: PGP signature
Re: A second Git repo for Gash
On Thu, Feb 06, 2020 at 01:14:17PM -0500, Timothy Sample wrote: > > I was hoping to have a second Git repo for my project called “gash”. > Would it be possible to make one called “gash-utils”? Done; what the descriptions of your repositories should be? signature.asc Description: PGP signature
Re: [Savannah-users] Multiple GPG keys on Savannah
Hello, Asher; On Fri, Aug 02, 2019 at 12:13:13PM -0400, Asher Gordon wrote: > > I have an ECDSA key (ed25519) and and RSA key (rsa4096). I prefer to use > the ECDSA key since it is smaller and faster but still secure. I have > the RSA key in case people cannot use my ECDSA key (since ECC is still > relatively new). > > Is it OK to upload both keys? Or will that cause problems? Currently, I > have both keys uploaded [1]. Yes, you can upload as many keys as you reasonably want. > As a side note, when testing the keys, Savannah's gpg fails to import > the ECDSA key since it is too old (1.4.16). For example, when I try to > test both keys, it imports the RSA one successfully, but not the ECDSA > one: This means that Savannah won't be able to use your ECDSA key to send you encrypted emails; it still should use your RSA key for that (depending on your account configuration). > I would suggest updating Savannah's GnuPG since it is so old. I am still > able to upload the keys even though they don't pass the test, though. The respective part of Savannah runs Trisquel 7, and it comes with GnuPG 2.0 series which doesn't support ECC anyway; however, we should update it before 2020, and then... https://savannah.nongnu.org/support/?109583 signature.asc Description: PGP signature
Re: [Savannah-users] repository online
Hello, On Sun, Jul 28, 2019 at 06:59:51PM +0200, wscieklyfour...@o2.pl wrote: > I submitted repository with below details but cannot still find it under > search button. What search terms should I put? We only host packages that contain something substantial, they only show up under evaluation. Your submission contained no reasonable description, I'm going to discard it as spam; please fill the registration form carefully if you'd like to create a new group on Savannah; also, please check https://savannah.gnu.org/maintenance/HowToGetYourProjectApprovedQuickly/ Thank you! signature.asc Description: PGP signature
Re: [Savannah-users] Savane markup [was: How to subscribe to a bugreport?]
On Thu, Jun 13, 2019 at 06:21:35AM -0400, Paul Smith wrote: > > Any misspellings and it won't work. And of course, there's no preview > capability and there's no way to edit comments once they're created... > > Full info about what is available can be found here: > https://savannah.nongnu.org/cookbook/?func=detailitem_id=125 I've just added a page with an updated description of markup and a form to preview it, https://savannah.gnu.org/markup-test.php Let me know if any moves were in a wrong direction. signature.asc Description: PGP signature
Re: [Savannah-users] How to subscribe to a bugreport?
On Thu, Jun 13, 2019 at 06:21:35AM -0400, Paul Smith wrote: > Any misspellings and it won't work. Correct. > And of course, there's no preview capability No... well, there is, but only for comments, not for original submissions (yet). > and there's no way to edit comments once they're created... I'm not sure we should let people remove their comments; instead, I'm thinking of a way to hide them---like spam, but without "incriminating" the users. signature.asc Description: PGP signature
Re: [Savannah-users] How to subscribe to a bugreport?
On Thu, Jun 13, 2019 at 09:41:23AM +0300, Konstantin Kharlamov wrote: > Oh, did I mention the site also lost all whitespace > formatting that I applied to the report? t In fact, it is not completely lost, you can see it in the "page source", it's just browsers that "collapse" the spaces; perhaps we should modify rendering to enforce them. signature.asc Description: PGP signature
Re: [Savannah-users] How to subscribe to a bugreport?
Hello, Konstantin; On Thu, Jun 13, 2019 at 01:26:57AM +0300, Konstantin Kharlamov wrote: > Basically, I created a report http://savannah.gnu.org/bugs/index.php?56484 > and I want to subscribe to it. > > I haven't seen a CC field while creating a report, and there's no way to > modify the field now. > > I thought maybe I need to log in, but it's impossible either. When I create > an account, it says something like "this email already has account > registered". And then when I try "restore password" link, it requires a > login instead of email, and I've no idea what login it is. Certainly not the > one I usually use, because account creation prohibits certain characters on > login name. The account with your current email is nongnusucks; as I can see, you did manage to create another account and post from it in that bug. signature.asc Description: PGP signature
Re: [Savannah-users] Savannah https SSL certificates updated
On Mon, Mar 02, 2015 at 10:15:31PM +, Bob Proulx wrote: The https SSL certificates for the Savannah web site have been updated. It looks like this disabled some of my cron jobs on fencepost.gnu.org; it used to wget https://...savannah.gnu.org/...; now it says ERROR: cannot verify savannah.gnu.org's certificate, issued by `/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2': Unable to locally verify the issuer's authority. Probably I should file a request to sysadmin, or configure something in ~/. Any ideas?
Re: [Savannah-users] Problems with login
On 06/01/2013 01:55 PM, Albino B Neto wrote: 2013/6/1 Albino B Neto bino...@binoanb.eti.br: I did register in saravannah as binoanb. The registration was pending with email bino...@binanb.eti.br; I changed it to bino...@binoanb.eti.br and activated the account; you must be able to reset the password.
Re: [Savannah-users] Mailing list discarding random messages
On 05/25/2013 06:27 AM, Bob Proulx wrote: www-..-(general|trans|discuss|internal) www-..-..-(general|trans|discuss|internal) Is lista a pattern that should be added to that collection? Or is that a single one-off name unique to that list? I'd suggest www-..-..* (i.e. all lists of www.gnu.org translation teams).
Re: [Savannah-users] Mailing list discarding random messages
On 05/24/2013 08:48 PM, Marin Rameša wrote: I also have a mail that is for multiple recipients (including www-hr- li...@gnu.org) that did not get archived. Just a guess: did you try to remove listhel...@gnu.org from [General Options] - [The list moderator email addresses]?
Re: [Savannah-users] password must be more complicated
On 05/13/2013 11:19 PM, Jan Owoc wrote: Until this thread surfaced, I didn't know that a program like pwqcheck existed, let alone what the phrase pwqcheck options are: 'match=0 max=256 min=24,24,11,8,7' meant. I wanted to point out that a large portion of websites that require users to generate passwords either: A) have rules written out in human-readable form on what is an acceptable password (eg. have all 4 of these character classes AND be 7 characters long, or have 3 of 3 character classes AND be 8 characters long, or be at least 24 characters long); the user can then count the characters in the password they've invented or generated, and know if it would pass Something like attached? diff --git a/frontend/php/include/account.php b/frontend/php/include/account.php index e757500..70db623 100644 --- a/frontend/php/include/account.php +++ b/frontend/php/include/account.php @@ -23,14 +23,110 @@ require_once(dirname(__FILE__).'/pwqcheck.php'); +function expand_pwqcheck_options() { + global $pwqcheck_args; + + $args = $pwqcheck_args. ; + $help = ; + + if(preg_match(/max=([[:digit:]]*) /, $args, $matches)) { +$help .= br /\n; + $help .= sprintf(_(The maximum allowed password length: %s.), + $matches[1]); + } + + if(preg_match(/passphrase=([[:digit:]]*) /, $args, $matches)) { +$help .= br /\n; + $help .= sprintf(_(The number of words required for a passphrase: %s.), + $matches[1]); + } + + if(preg_match(/match=([[:digit:]]*) /, $args, $matches)) { +$help .= br /\n; +if($matches[1]) { + $help .= sprintf(_(EOF +The length of common substring required to conclude that a password +is at least partially based on information found in a character string: %s. +EOF +), $matches[1]); +} else { + $help .= _(Checks for common substrigs are disabled.); +} + } # preg_match($args, /match=([^ ]*)/ , $matches) + + $field = ([[:digit:]]*|disabled); + if(preg_match(/min=.$field.,.$field.,.$field.,.$field.,.$field. /, + $args, $matches)) { +$help .= br /\n; +if($matches[1] == disabled) { + $help .= +_(Passwords consisting of characters from one class only are not allowed.); +} else { + $help .= sprintf(_(EOF +The minimum length for passwords consisting from characters of one class: %s. +EOF +), $matches[1]); +} +$help .= br /\n; +if($matches[2] == disabled) { + $help .= _(EOF +Passwords consisting of characters from two classes that don't meet +requirements for passphrases are not allowed. +EOF +); +} else { + $help .= sprintf(_(EOF +The minimum length for passwords consisting from characters of two classes +that don't meet requirements for passphrases: %s. +EOF +), $matches[2]); +} +$help .= br /\n; +if($matches[3] == disabled) { + $help .= _(Check for passphrases is disabled.); +} else { + $help .= +sprintf(_(The minimum length for passphrases: %s.), $matches[3]); +} +$help .= br /\n; +if($matches[4] == disabled) { + $help .= _(EOF +Passwords consisting of characters from three classes are not allowed. +EOF +); +} else { + $help .= sprintf(_(EOF +The minimum length for passwords consisting from characters +of three classes: %s. +EOF +), $matches[4]); + } +$help .= br /\n; +if($matches[5] == disabled) { + $help .= _(EOF +Passwords consisting of characters from four classes are not allowed. +EOF +); +} else { + $help .= sprintf(_(EOF +The minimum length for passwords consisting from characters +of four classes: %s. +EOF +), $matches[5]); + } + } # preg_match(/min=.$field.,.$field.,.$field.,.$field.,.$field. /, + return $help; +} + function account_password_help() { global $use_pwqcheck, $pwqcheck_args; $help = _((long enough or containing multiple character classes: symbols, digits (0-9), upper and lower case letters)); if ($use_pwqcheck) { $pwqgen = exec(pwqgen); $help .= .sprintf(_((for instance: %s).), htmlspecialchars($pwqgen)); -$help .= .sprintf(_(pwqcheck options are: '%s'), +$help .= .sprintf(_(pwqcheck options are '%s'), htmlspecialchars($pwqcheck_args)); +$help .= expand_pwqcheck_options(); } return $help; }
Re: [Savannah-users] password must be more complicated
On 05/08/2013 11:34 AM, Bob Proulx wrote: I think it is useful to use pwqcheck and if it passes that then stop there. But if it fails pwqcheck I would like to look to see if it is a false positive. Look to see if it has a reasonable amount of character classes and if so then mark it okay. We could implement it as a warning rather than a requirement (Password has changed; note that it may be weak (pwqcheck message).).
Re: [Savannah-users] password must be more complicated
On 05/07/2013 11:48 AM, Bob Proulx wrote: But playing around with things I find some crazy behavior. Check this out. I ran pwgen to create random passwords. I tried some. The first several I tried failed. Others did work. $ echo ohtaOe0h | pwqcheck -1 max=256 min=disabled,24,11,8,7 Bad passphrase (based on a dictionary word and not a passphrase) $ echo uChiel9m | pwqcheck -1 max=256 min=disabled,24,11,8,7 Bad passphrase (based on a dictionary word and not a passphrase) $ echo Iephoo3i | pwqcheck -1 max=256 min=24,24,11,8,7 Bad passphrase (not enough different characters or classes for this length) $ echo ox8iChae | pwqcheck -1 max=256 min=24,24,11,8,7 OK pwgen -1 -s 8 1|while read i;do echo $i|pwqcheck -1 min=24,24,11,8,7;done |grep ^OK|wc -l 8698 pwgen -1 -s 9 1|while read i;do echo $i|pwqcheck -1 min=24,24,11,8,7;done |grep ^OK|wc -l 9334 Of course, an independent generator will produce some passwords that don't pass pwqcheck criteria, but IMHO the results are reasonable (provided the goal is to eliminate weak passwords rather than to accept all pwgen-generated ones).
Re: [Savannah-users] password must contain multiple character classes...
On 05/06/2013 09:48 AM, Bob Proulx wrote: Dan (jidanni) the original poster isn't subscribed. He didn't ask to be CC'd so we haven't been doing so. Would you write him and let him know that you improved things for him? Done. I have no idea on how to push the commit yet; it looks like it is not enough to be in the administration group to do that. Hmm... Let me look at things for a bit. Thank you!
Re: [Savannah-users] password must contain multiple character classes...
On 05/02/2013 11:10 PM, Bob Proulx wrote: There weren't any differences between the two repositories concerning the files for which you have proposed changes. So everything you propose applies equally to either. But it seems to me that the repository that needs your modifications is administration/savane. Since that is the one that is actively running the site. I think you are right; I should have noticed that myself. And if savane-cleanup is a fork then the improvements really need to go into it too. Does anyone know the status of that cleanup effort? The latest committer must know, unless the effort was abandoned.
Re: [Savannah-users] password must contain multiple character classes...
On 04/05/2013 09:49 PM, Karl Berry wrote: We are all agreed that the current savannah password requirement is suboptimal, so there's no point in continuing to argue about it, there's no one left to convince. What's needed, as always with savannah, is a person to volunteer to figure out how to actually change it and do the work. What about allowing longer passwords (e.g. up to 127 characters; more wouldn't probably be practically useful)?
Re: [Savannah-users] Contribute to www-nl
Hi, Karim! On 02/27/2013 08:57 AM, i...@kar.im wrote: I want to contribute to www-nl What do you want to contribute? but the module/folder ( http://cvs.savannah.gnu.org/viewvc/?root=www-nl http://cvs.savannah.gnu.org/viewvc/?root=www-nl ) doesn't exist. The way to contribute is group-specific. I also requested access to the group but haven't received anything back yet. As I can see, it was less than three days ago. It is unreasonable to _require_ so fast response from a group's admins.